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WHAT IS CLAIMED IS: 



1 1 . An authentication method comprising the steps of: 

2 generating a first security context in response to a first user authentication; 

3 generating a second security context in response to a second user authentication, 

4 wherein said second security context aggregates said first security context and a security 

5 context corresponding to an identity in said second user authentication. 

1 2. The method of claim 1 further comprising the step of saving said first security 

2 context. 

1 3. The method of claim 2 wherein said step of saving said first security context 

2 comprises the step of pushing said first security context on a stack. 

1 4. The method of claim 1 further comprising the step of receiving a user logoff 

1 5. The method of claim 4 further comprising the step of destroying said second 

2 security context in response to said step of receiving said user logoff. 

1 6. The method of claim 2 further comprising the step of reverting to said first 

2 security context in response to a user logoff. 

1 7. The method of claim 6 wherein said step of reverting to said first security context 
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2 comprises the step of popping said first security context off of a stack. 

1 8. The method of claim 1 further comprising the step of determining an access 

2 permission in response to said second security context. 



- 16- 



4 « 

AUS9-2000-0706-US1 PATENT 



1 9. A computer program product embodied in a tangible storage medium, the 

2 program product comprising a program of instructions for performing the method steps 

3 of: 

4 generating a first security context in response to a first user authentication; 

5 generating a second security context in response to a second user authentication, 

6 wherein said second security context aggregates said first security context and a security 

7 context corresponding to an identity in said second user authentication. 

1 10. The program product of claim 9 further comprising instructions for performing 

2 the step of saving said first security context. 

1 11. The program product of claim 10 wherein said step of saving said first security 

2 context comprises the step of pushing said first security context on a stack. 

1 12. The program product of claim 9 further comprising instructions for performing 

2 the step of receiving a user logoff. 

1 13. The program product of claim 1 2 further comprising instructions for performing 

2 the step of destroying said second security context in response to said step of receiving 

3 said user logoff. 



14. The program product of claim 1 0 further comprising instructions for performing 
the step of reverting to said first security context in response to a user logoff. 
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15. The program product of claim 14 wherein said step of reverting to said first 
security context comprises the step of popping said first security context off of a stack. 

16. The program product of claim 9 further comprising instructions for performing 
the step of determining an access permission in response to said second security context. 
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1 7. A data processing system comprising: 

circuitry operable for generating a first security context in response to a first user 
authentication; 

circuitry operable for generating a second security context in response to a second 
user authentication, wherein said second security context aggregates said first security 
context and a security context corresponding to an identity in said second user 
authentication. 

1 8 . The system of claim 1 7 further comprising circuitry operable for saving said first 
security context. 

19. The system of claim 18 wherein said circuitry operable for saving said first 
security context comprises the step of pushing said first security context on a stack. 

20. The system of claim 1 7 further comprising circuitry operable for receiving a user 
logoff. 

2 1 . The system of claim 20 further comprising circuitry operable for destroying said 
second security context in response to said step of receiving said user logoff. 

22. The system of claim 1 8 further comprising circuitry operable for reverting to said 
first security context in response to a user logoff. 
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1 23 . The system of claim 22 wherein said circuitry operable for reverting to said first 

2 security context comprises circuitry operable for popping said first security context off 

3 of a stack. 

1 24. The system of claim 17 further comprising circuitry operable for determining 

2 an access permission in response to said second security context. 
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